
How does client send an authentication token back to the user in OpenID connect?

I'm learning about OpenID Connect and OAuth 2.0 and I think there is something missing: what will the client do after receiving the ID token from the authorization server?
OK, it now has a JWT that contains information about the user, but when the user wants to send a request to the client to do whatever he wants to do, he should attach a token with his request, right? So, when will the client generate this token? As far as I know, if a server uses HTTP as its protocol, it can't send data to the user if the user didn't issue a request, so it shouldn't be able to send that token without a request from the user.

Did I miss something?

I tried to search about this stuff, and I didn't find anything useful.

> OK, it now has a JWT that contains information about the user, but when the user wants to send a request to the client to do whatever he wants to do, he should attach a token with his request, right?

Should say "but when the client wants to send a request to the server ..."

> if a server uses HTTP as its protocol, it can't send data to the user if the user didn't issue a request, so it shouldn't be able to send that token without a request from the user.

The token will have been provided to the client during sign-on process.


To summarise the process:

  1. Client enters credentials (e.g. username and password) and sends those to a login endpoint.
  2. The login server will generate a JWT and return it to the client.
  3. Client receives a JWT and caches it locally at the client end, ready to be sent to the server on subsequent requests.
  4. On all subsequent requests to the server, the client will attach the cached JWT in the Authorization header of the HTTP request.
  5. The server will validate the token to ensure the client is authenticated.
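
The five steps above as a runnable sketch, added here as an example and not part of the original answer. It assumes an HS256-signed JWT with a server-side secret; `login`, `validate`, `Client` and the sample user are hypothetical names, and in-process calls stand in for the HTTP requests.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: HS256 key known only to the server
USERS = {"alice": "correct horse"}   # constructed sample; real stores hold password hashes

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> str:
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def login(username, password, now=None, ttl=300):
    """Steps 1-2: check the credentials and return a signed JWT, or None."""
    expected = USERS.get(username)
    if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
        return None
    now = int(time.time()) if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"sub": username, "exp": now + ttl}).encode())
    return f"{header}.{payload}.{_sign(header + '.' + payload)}"

def validate(headers, now=None):
    """Step 5: return the claims if the bearer token is valid, else None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    parts = token.split(".")
    if scheme != "Bearer" or len(parts) != 3:
        return None
    header, payload, sig = parts
    # Constant-time signature check first; nothing is parsed before it passes.
    if not hmac.compare_digest(sig.encode(), _sign(header + "." + payload).encode()):
        return None
    alg = json.loads(_unb64(header)).get("alg")
    claims = json.loads(_unb64(payload))
    now = int(time.time()) if now is None else now
    if alg != "HS256" or claims.get("exp", 0) <= now:  # pin the algorithm, reject expired
        return None
    return claims

class Client:
    """Steps 3-4: cache the token and attach it to every later request."""
    def __init__(self):
        self.token = None
    def sign_in(self, username, password):
        self.token = login(username, password)  # the token arrives in the login response
        return self.token is not None
    def request_headers(self):
        return {"Authorization": f"Bearer {self.token}"} if self.token else {}
```

The token reaches the client as the response to its own login request, so the server never has to push anything unsolicited.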

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.